Hi,
recently we viewed in our logs a large number of attempts to gain remote access from a bunch of different ip addresses. In Checkpoint it's possible to quickly block a large amount of ip addresses by doing something like 'fwaccel dos deny -l filename'.
Is there something similar in Fortigate (Forti Manager)? We're running 7.0.12 btw.
__PRESENT
Hello
May be one of the possible solution is the IP threat feed (you need to host it on some web server):
On other solution, if these IP addresses are known as bad IPs, to create a firewall rule to deny traffic from "ISDB > Sources with reputation 1".
User | Count |
---|---|
2328 | |
1260 | |
772 | |
453 | |
434 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.